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DETAILED ACTION 



Acknowledgements 



1 . This action is responsive to Applicants' preliminary amendments received 1 8 May 2006. 

2. This action has been assigned paper number 20 1 003 1 7 for reference purposes only. 

3. Claims 1-19 are pending. 

4. Claims 1-19 have been examined. 



5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

6. Claims 18 and 19 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

7. These claims are directed toward "[a] computer program product." In their specification, 
Applicants state "a computer program product may be a physical medium, e.g., a semiconductor 
memory or a diskette or a CD-ROM. The computer program product may also be, for example, a 
non-physical medium, e.g., a signal transmitted over a computer network" (Page 6, Lines 15-18). 
MPEP § 2106 IV(B) states "[a] transitory, propagating signal ... is not a process, machine, 
manufacture, or composition of matter. ' . . . Thus, such a signal cannot be patentable subject 
matter." Because Applicants have expressly recited in their specification that a "computer 
program product" can be "a signal transmitted over a computer network" and because MPEP § 
2106 IV(B) states a transitory, propagating signal cannot be patentable subject matter, claims 18 
and 19 which are directed to a transitory, propagating signal in at least one interpretation, are 
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non-statutory. See also In re Nuijten, 500 F.3d 1346, 84 USPQ2d 1495 (Fed. Cir. 2007) and 
Subject Matter Eligibility of Computer Readable Media, 1351 OG 212. 



8. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

9. Claims 1-19 are rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 

10. Claim 1 recites "determining identification information which identifies the user" but 
does not link the identification information or its determination to any other part of the method. 
Therefore, one of ordinary skill in the art would not understand the metes and bounds of this 
claim. 

1 1 . Claim 1 also recites "sending data to the background system to authenticate the terminal 
at the background system" and "sending data which is related to the personal feature of the user 
to the background system." One of ordinary skill in the art would not understand if the two 
recitations of "data" are the same data or different data. If it is Applicants' intent for the data to 
be different, the Examiner respectfully suggests using an adjective to distinguish the pieces of 
data, such as "terminal data" and "feature data" respectively. 

12. Claims 8 and 15-19 also contain multiple uses of the word "data" where it is not clear if 
they are the same data or different data. Again, the Examiner suggests naming the different 
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pieces of data so one of ordinary skill in the art would understand the metes and bounds of the 
claims. 

13. Claim 1 recites "playing back a secret given by the secret data to the user." One of 
ordinary skill in the art would not understand how to "playback" text, image, or tactile 
information. Claim 4 recites "the secret played back to the user is at least one of a text 
information, acoustic information, visual information, and tactile information" which indicates 
that claim one at least can read on text and tactile information. Because the claim reads on 
playing back text or tactile information, and because one of ordinary skill in the art would not 
understand how to playback text or tactile information, the claim is indefinite because the metes 
and bounds of the claim cannot be determined. 

14. Claims 15, 17, and 18 contain similar limitations and are rejected under the same 
rationale. 

15. Claim 1 further recites "sending data to the background system... to transmit user 
identification data." This does not make grammatical sense. It is the Examiner's position that 
Applicants are attempting to define the data being sent. However, as currently worded, the claim 
suggests that sending one piece of data somehow results in another piece being transmitted. One 
of ordinary skill in the art would not understand the metes and bounds of this limitation. 

16. Claims 15 and 18 contain similar limitations and are rejected under the same rationale. 
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17. Claim 16 is directed to "[a] background system. . .adapted for: receiving. . .and 
receiving. . .by the user" and conditionally "accessing. . .and sending." It is unclear what structure 
someone would need to be in possession of in order to infringe this claim. Because one of 
ordinary skill in the art would not know whether their system infringes this claim, the claim is 
indefinite. 

18. Claim 17 is similarly directed to "[a] system... adapted for." Claim 17 does recite that the 
system comprises " a background system and at least one terminal." However, the structure of 
the background system and the terminal(s) is unclear. Therefore, claim 17 is rejected under the 
same rationale. 

19. Claim 17 recites "[a] system comprising a background system and at least one 
terminal. . .the system is adapted for... performing the transaction using data pertaining at least to 
the personal feature of the user." It is unclear which part of the system, the background system 
or the terminal, is "adapted for" "performing the transaction." Because one of ordinary skill in 
the art would not understand which component is adapted for performing the function, they 
would not understand the metes and bounds of the claim. 

20. Claim 17 also recites "the system being equipped for authorizing a transaction by a user." 
One of ordinary skill in the art would not understand what structure is necessary in order for "the 
system" to be "equipped for authorizing a transaction." Because the structure is unclear, one of 
ordinary skill in the art would not be able to know if their system infringes on this claim. 
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21 . The Examiner finds that because particular claims are rejected as being indefinite under 
35 U.S.C. §1 12 2nd paragraph, it is impossible to properly construe claim scope at this time. 
However, in accordance with MPEP §2173.06 and the USPTO's policy of trying to advance 
prosecution by providing art rejections even though these claim are indefinite, the claims are 
construed and the art is applied as much as practically possible. 



22. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 



23. Claims 1-19, as understood by the Examiner, are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Lai On (US 2002/0059531) in view of Schneier (Applied 
Cryptography). 

24. As to claims 1, 8, and 13-18, 

a. A method for authorizing a transaction by a user using a terminal ("First Vendor," 
Figure 3, 301) which is capable of communicating with a background system 
('Authentication Site," Figure 3, 302) , with steps performed by the terminal comprising: 
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b. determining identification information ("Identification Information," Figure 3, 
301) which identifies the user ("The login information includes an identification of the 
user." Abstract), 

c. sending data to the background system ("The First Vendor transmits the 
Identification Information to and Authentication Site," Figure 3, 302) to authenticate the 
terminal at the background system ("Verifies the Identification Information," Figure 3, 
303) and to transmit user identification data from which the identity of the user can be 
derived ("The login information includes an identification of the user." Abstract), to the 
background system ("The First Vendor transmits the Identification Information to and 
Authentication Site," Figure 3, 302), 

d. receiving (sent to First Vendor, Figure 3, 303) data ("Second Site's Site Key," 
Figure 3, 303) assigned to the user from the background system (Authentication Site 
generates and transmits the keys, Figure 3, 303), 

e. playing back a data given by the received data to the user (Figure 3, 305), 

f. determining a personal feature of the user ("The first or second vendor can require 
that additional identification be entered before the transaction, such as a PIN number or a 
biometric," [0025]), and 

g. sending data which is related to the personal feature of the user to the background 
system to signal or document the authorization of the transaction by the user (the 
biometric information is part of the identification information, and is therefore also 
transferred to the Authentication Site. [0020] & Figure 3, 301). 
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25. Lai On does not expressly disclose that the keys are "secret data" and the communication 
processes between the terminal and the background system are protected from attacks at least in 
part by at least one of time stamps, sequence numbers, random numbers and an encryption with a 
session key. 

26. However, Schneier discloses that symmetric keys, used for communications must remain 
secret (Page 4, Paragraph 2). Therefore, it would have been obvious to one of ordinary skill in 
the art at the time of the invention to have modified the teachings of Lai On to use the keys to 
encrypt the communications and make the keys secret because the keys need to be secret in order 
for the communications to be secret (Id.). 

27. As to claim 2, Lai On further shows: 

h. the terminal sends to the background system a message secured with at least one 
of a MAC ("User Session Key," Figure 3, 305) of and a cryptographic signature for 
authentication at the background system. 

28. As to claim 3, Lai On further shows: 

i. the message contains the user identification data that corresponds to the 
identification information determined by the terminal or has been derived from it 
(Logging in requires Identification Information, Figure 3, 305 & [0010]) . 



29. 



As to claim 4, Lai On further shows: 
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J- 



the secret played back to the user is at least one of a text information (a key is a 



string of characters), acoustic information, v isual information, and tactile information. 

30. As to claim 5, Lai On further shows: 

k. transaction data is also displayed to the user [0021]. 

31. As to claim 6, Lai On further shows: 



32. As to claim 7, Lai On further shows: 

m. receiving acknowledgement data from the background system and at least one of 
displaying and printing out an acknowledgement for the user (in order for the key to be 
sent to the user through the second site it has to be displayed or printed, Figure 3, 308). 

33. As to claim 9, Lai On further shows: 

n. the secret data pertains to a secret which changes from one transaction to the next 
(for each of the countless potential second sites, there would be a different "Second Site's 
Site Key" [0024]). 



1. 



the personal feature is a biometric feature of the user [0025]. 



34. 



As to claim 10, Lai On further shows: 

o. the secret data pertains to a secret which depends at least in part on transactions 
performed previously (the Second Site's Site Key was acquired during the previous 
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transaction with the First Vendor, Figure 3). 

35. As to claim 11, Lai On further shows: 
p. the data which pertains at least to the personal feature of the user is checked, and 
the transaction is considered as authorized by the user only if this check is successful 
(Biometrics are referred to as a security measure, therefore, unless the data is verified, 
access would not be allowed [0025]). 

36. As to claim 12, Lai On further shows: 

q. acknowledgement data is sent to the terminal if the check is successful (The 
Authentication Site returns the Second Site's Site Key as a confirmation that the data 
matched. Figure 3, 308). 

Claim Interpretation 

37. The Examiner hereby adopts the following interpretations under the broadest reasonable 
interpretation standard. In accordance with In re Morris, 127 F.3d 1048, 1056, 44 USPQ2d 
1023, 1029 (Fed. Cir. 1997), the Examiner points to these other sources to support his 
interpretation of the claims. 1 Additionally, these interpretations are only a guide to claim 
terminology since claim terms must be interpreted in context of the surrounding claim language. 
Finally, the following list is not intended to be exhaustive in any way: 

1 While most definition(s) are cited because these terms are found in the claims, the Examiner 
may have provided additional definition(s) to help interpret words, phrases, or concepts found in 
the definitions themselves or in the prior art. 
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r. Adapt: "to make fit (as for a specific or new use or situation) often by 
modification." Webster's Ninth New Collegiate Dictionary , Merriam- Webster Inc., 
Springfield, MA. 1986. 

s. For: "1 a - used as a function word to indicate purpose... b - used as a function 
word to indicate an intended goal" Webster's Ninth New Collegiate Dictionary , 
Merriam- Webster Inc., Springfield MA, 1986. 

t. If: "1 a : in the event that" Webster's Ninth New Collegiate Dictionary , Merriam- 
Websterlnc, Springfield, M.A., 1986. 

u. Pertain: "to belong as a part, member, accessory, or product." Webster's Ninth 
New Collegiate Dictionary , Merriam- Webster Inc., Springfield, M.A., 1986. 
v. Transaction : "any sale, assignment, lease, license, loan, advance, contribution, or 
other transfer of any interest in or right to use any property (whether tangible or 
intangible) or money, however such transaction is effected, and whether or not the terms 
of such transaction are formally documented." Dictionary of Business Terms , 3 rd 
Edition, Barron's Educational Series Inc., Hauppauge NY, 2000. 



38. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JOSHUA MURDOUGH whose telephone number is (571)270- 
3270. The Examiner can normally be reached on Monday - Thursday, 7:00 a.m. - 5:00 p.m. 

39. If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, Andrew Fischer can be reached on (571) 272-6779. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 



Conclusion 
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40. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Joshua Murdough 
Examiner, Art Unit 3621 



/EVENS J. AUGUSTIN/ 
Primary Examiner, Art Unit 3621 



